CIA: Hackers to Blame for Power Outages (’nuff said)
CIA: Hackers to Blame for Power Outages
WASHINGTON (AP) — Hackers literally turned out the lights in
multiple cities after breaking into electrical utilities and demanding
extortion payments before disrupting the power, a senior CIA analyst
told utility engineers at a trade conference.
All the break-ins
occurred outside the United States, said senior CIA analyst Tom
Donahue. The U.S. government believes some of the hackers had inside
knowledge to cause the outages. Donahue did not specify what countries
were affected, when the outages occurred or how long the outages
lasted. He said they happened in "several regions outside the United
"In at least one case, the disruption caused a power
outage affecting multiple cities," Donahue said in a statement. "We do
not know who executed these attacks or why, but all involved intrusions
through the Internet."
A CIA spokesman Friday declined to provide additional details.
information that could be shared in a public setting was shared," said
spokesman George Little. "These comments were simply designed to
highlight to the audience the challenges posed by potential cyber
Donahue spoke earlier this week at the Process
Control Security Summit in New Orleans, a gathering of engineers and
security managers for energy and water utilities.
administration is increasingly worried about the little-understood
risks from hackers to the specialized electronic equipment that
operates power, water and chemical plants.
In a test last year,
the Homeland Security Department produced a video showing commands
quietly triggered by simulated hackers having such a violent reaction
that an enormous generator shudders as it flies apart and belches
The recorded demonstration, called the
"Aurora Generator Test," was conducted in March by government
researchers investigating a dangerous vulnerability in computers at
U.S. utility companies known as supervisory control and data
acquisition systems. The programming flaw was fixed, and equipment
makers urged utilities to take protective measures.
Now, this article says these attacks were outside the U.S. (since it came from the CIA, you can imagine why.) Also, it does NOT directly say that SCADA systems were attacked. However, these statements were made at a
SCADA "Process Control" Security conference, so I’m going to take the liberty of bridging that assumption. Either way, it highlights the problem at hand (see the 787 Dreamliner story and the Polish Tram derailment…)
Do y ou really think it’s that much of a reach to suggest it’s not happening on our shores?
If anyone gives me any more crap about being concerned regarding the possibility/potential for disruption…look at the boldfaced section. The compromise was conducted over the Internet. Don’t forget, this sort of thing is supposed to be impossible given some comments from my "awareness campaign":
No, Jake. I’m not a water utilities expert, just a concerned observer & citizen.
Hat tip to Stiennon for the source.